Healthcare security technology vendor Sensato and consulting firm Divurgent created the Medical Device Cybersecurity Task Force, a new group focused on developing best practices for both healthcare organizations and medical device manufacturers to secure the devices, which are widely recognized as an under-protected technology.

Two other vendors have joined the task force in its first three months, including Renovo Solutions and VMware Inc., which operates AirWatch. One medical device manufacturer, Baxter, has joined the group. And 15 health systems and hospitals have joined, including Beebe Healthcare, Children’s Hospital of Atlanta, Lehigh Valley Health Network and Intermountain.

“We continually get asked by clients what the best practices are for securing medical devices, how do we protect these things,” said John Gomez, CEO of Sensato and co-founder of the task force. “There is little guidance and a lot of misinformation. While there are other organizations doing work in this space, we thought it was important to create a fast-moving, very tactical group that could come to the industry with a set of best practices.”

The Medical Device Cybersecurity Task Force has three short-term goals. The first is to create a set of best practices for healthcare provider organizations, the second is to create a set of best practices for medical device manufacturers, and the third is to develop an iPad and web app that will help healthcare organizations evaluate medical devices and at the same time feed a database that task force members can access to study the market.

“The reality is both sides – providers and manufacturers – do not understand how much the other side does not know,” Gomez said. “When I talk with manufacturers, they understand they need to do something, but they have never had to deal with cybersecurity before, it’s not a part of their DNA. And on the hospital side, they’re realizing they’ve never had to lock these things down. In fact, medical devices have not even been part of the IT group in hospitals. So both sides have common ground where they both are looking for answers.”

Beebe Healthcare joined the task force to bolster its existing efforts to secure its medical devices and help build bridges with device manufacturers.

“The healthcare industry is in the crosshairs of the cybercriminal community, and they are looking for new vectors to exploit vulnerabilities to infiltrate our systems,” said Michael J. Maksymow, vice president and CIO at Beebe Healthcare. “It is no secret that medical devices are among the exploitable entry points. Beebe has been working for quite some time mitigating risks posed by poor security or lack of security in medical devices and systems, but ultimately we need the attention of our medical device manufacturers to ensure security is a forethought in the development of the devices rather than an afterthought.”

Maksymow believes the healthcare industry was in need of a group specifically tasked to devise the best ways to guard medical devices.

“Many of us felt IT security has been getting traction in our respective organizations, but not specifically in the medical device space, and therefore we felt compelled to start at a grassroots level to get some momentum in this area – a call to action,” he said. “The intention of this group is to collaborate with other industry organizations, exchange information and findings, and share the product we develop to all stakeholders in the industry.”

For more information on the Medical Device Cybersecurity Task Force or to join, click here. 

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn